Nextcloud über Reverse Proxy

I would like to share my fully working reverse-proxy configuration for future users.

I had trouble accessing Nextcloud, and the help I found in this thread helped me fix it.

Proxy:

<VirtualHost *:80>
  # Plain-HTTP virtual host on the proxy; its only job is to send clients to HTTPS.
  DocumentRoot /var/www
  ServerName cloud.mydomain.com

  ## Redirect HTTP -> HTTPS
  # [R] without a status code issues a temporary (302) redirect.
  # NOTE(review): %{SERVER_NAME} can reflect the client-supplied Host header,
  # depending on UseCanonicalName; writing the hostname literally in the target
  # keeps the redirect pinned to this site. Confirm against the server config.
  RewriteEngine On
  RewriteRule ^/?(.*) https://%{SERVER_NAME}:443/$1 [R,L]
</VirtualHost>

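<IfModule mod_ssl.c>
<VirtualHost *:443>
    # TLS-terminating reverse proxy in front of the Nextcloud VM.
    ServerName cloud.mydomain.com
    DocumentRoot /var/www
    CustomLog /var/log/apache2/cloud-access.log combined
    ErrorLog /var/log/apache2/cloud-error.log

    # Proxy to the VM at 192.168.1.63.
    # ProxyPreserveHost forwards the client's Host header to the backend.
    # NOTE(review): the hop to the backend is plain HTTP, so traffic between
    # the proxy and the VM is unencrypted on that network segment.
    ProxyPreserveHost On
    ProxyPass /          http://192.168.1.63/
    ProxyPassReverse /   http://192.168.1.63/

    # CalDAV/CardDAV service discovery: point clients at Nextcloud's DAV endpoint.
    RewriteEngine On
    RewriteRule ^/\.well-known/carddav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]
    RewriteRule ^/\.well-known/caldav https://%{SERVER_NAME}/remote.php/dav/ [R=301,L]

    # Required for Nextcloud
    <IfModule mod_dav.c>
        Dav off
    </IfModule>

    # COMMENT THIS BEFORE CREATING THE SSL CERTS
    # Security improvements
    Protocols h2 http/1.1
    SSLEngine on
    <IfModule mod_headers.c>
        # includeSubDomains extends HSTS to every host below this name, and
        # preload signals consent to browser preload lists. Both are slow to
        # undo, so confirm every subdomain serves HTTPS before keeping them.
        Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
    </IfModule>

    # Enable only strong encryption ciphers and prefer versions with Forward Secrecy.
    # RC4-SHA was dropped from this list: RC4 is prohibited for TLS (RFC 7465),
    # so enabling it contradicted the intent above. !RC4 makes the exclusion explicit.
    SSLCipherSuite HIGH:AES128-SHA:!aNULL:!MD5:!RC4
    SSLHonorCipherOrder on

    # Disable insecure SSL and TLS versions
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

    # The following lines prevent .htaccess and .htpasswd files from being viewed by Web clients.
    <Files ".ht*">
        Require all denied
    </Files>

    # Disable HTTP TRACE method.
    TraceEnable off

    # Disable HTTP TRACK method.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^TRACK
    RewriteRule .* - [R=405,L]

    # Avoid "Sabre\DAV\Exception\BadRequest: expected filesize XXXX got XXXX"
    # NOTE(review): body=0 removes the request-body read timeout altogether, so
    # mod_reqtimeout no longer bounds very slow uploads that hold a worker.
    # If large uploads succeed with a generous finite value, prefer that.
    <IfModule mod_reqtimeout.c>
        RequestReadTimeout body=0
    </IfModule>

    SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
    # NOTE(review): this Certbot-managed file may set SSLProtocol and
    # SSLCipherSuite itself. It is included after the directives above, so its
    # values would be the ones in effect. Verify the result with a TLS scan.
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>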

.
.
.
.
.
Virtual machine with NextCloud

<VirtualHost *:80>
	# Backend virtual host on the Nextcloud VM; serves the application over plain HTTP on port 80.
	# NOTE(review): it listens on every address without TLS. Presumably only the
	# reverse proxy should reach it; a host firewall rule or a "Require ip
	# <proxy-address>" in the Directory block would enforce that. Confirm.
	ServerName 192.168.1.63
	ServerAdmin webmaster@localhost

	DocumentRoot /var/www/nextcloud/
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
	

	<Directory /var/www/nextcloud/>
	  # Access is open to every client that can reach this port.
	  Require all granted
	  # Lets .htaccess files under this directory override server settings.
	  AllowOverride All
	  Options FollowSymLinks MultiViews
	</Directory>
	
	# Turn mod_dav off here when the module is loaded.
	<IfModule mod_dav.c>
      Dav off
	</IfModule>
	
	# Expose the Nextcloud directory as HOME / HTTP_HOME to the application environment.
	SetEnv HOME /var/www/nextcloud/
	SetEnv HTTP_HOME /var/www/nextcloud/
</VirtualHost>


#<VirtualHost *:443>
    # Nothing
#</VirtualHost>

NextCloud config.php

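<?php
// Nextcloud system configuration for an instance running behind an Apache
// reverse proxy. Values shown as 'HIDE', 'password', 'email' and the database
// credentials are redacted placeholders from the original post.
$CONFIG = array (
  'passwordsalt' => 'HIDE',
  'secret' => 'HIDE',
  // Host names the instance answers to; the first entry is a wildcard for the LAN range.
  'trusted_domains' => ['192.168.1.*', 'mydomain.com', 'cloud.mydomain.com'],
  'datadirectory' => '/mnt/HDD1/NC_data',
  'dbtype' => 'mysql',
  // NOTE(review): release recorded when this was posted; check that the
  // deployed version still receives security updates.
  'version' => '20.0.4.0',
  'dbname' => 'nextcloudDB',
  // Database lives on a separate host.
  // NOTE(review): nothing here shows TLS for this connection; confirm.
  'dbhost' => '192.168.1.62:3306',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloudDBuser',
  'dbpassword' => 'nextcloudDBpsw',
  'installed' => true,
  'instanceid' => 'HIDE',
  // Redis backs the local cache, the distributed cache and file locking.
  'memcache.local' => '\OC\Memcache\Redis',
  'memcache.distributed' => '\OC\Memcache\Redis',
  'memcache.locking' => '\OC\Memcache\Redis',
  'redis' => 
  array (
    // Unix socket path; port 0 goes with socket connections.
    'host' => '/var/run/redis/redis-server.sock',
    'port' => 0,
    'timeout' => 1.0,
  ),
  'blacklisted_files' => ['.htaccess','Thumbs.db','thumbs.db','prohib.ido'],
  'loglevel' => 2,
  'log_rotate_size' => 3145728,
  'mail_smtpmode' => 'smtp',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpsecure' => 'ssl',
  'mail_from_address' => 'email',
  'mail_domain' => 'gmail.com',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'smtp.gmail.com',
  'mail_smtpport' => '465',
  'mail_smtpname' => 'email@gmail.com',
  'mail_smtppassword' => 'password',
  'enable_previews' => true,
  'preview_max_x' => 1000,
  'preview_max_y' => 1000,

  // Reverse-proxy settings: generate URLs for the public HTTPS name even though
  // the request reaches this host over plain HTTP.
  'overwrite.cli.url' => 'https://cloud.mydomain.com/',
  'htaccess.RewriteBase' => '/',
  'overwritehost' => 'cloud.mydomain.com',
  'overwriteprotocol' => 'https',
  'overwritewebroot' => '/',
  // Apply the overwrite* values only to requests coming from this address.
  // The value is a regular expression, so the dots are escaped to match
  // literal dots only (an unescaped '.' matches any character).
  'overwritecondaddr' => '^192\.168\.1\.61$',
  // Peers whose forwarded-for headers are believed.
  // NOTE(review): the /24 entry lets any host in that subnet supply the client
  // IP that Nextcloud logs and rate-limits on; keep the list to the actual
  // proxy addresses unless that range is deliberate.
  'trusted_proxies' => ['192.168.1.61', '192.168.5.0/24'],
  // NOTE(review): list only headers the proxy itself sets or overwrites;
  // confirm the proxy controls X-Forwarded as well as X-Forwarded-For.
  'forwarded_for_headers' => ['HTTP_X_FORWARDED_FOR','HTTP_X_FORWARDED'],
  'maintenance' => false,
);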